CVE-2024-36451
- EPSS 0.57%
- Veröffentlicht 10.07.2024 07:15:03
- Zuletzt bearbeitet 08.10.2025 16:54:20
Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a sy...
CVE-2012-4893
- EPSS 0.85%
- Veröffentlicht 11.09.2012 19:55:00
- Zuletzt bearbeitet 16.06.2026 23:45:51
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip ...
- EPSS 2.12%
- Veröffentlicht 11.09.2012 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:42:27
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
CVE-2012-2982
- EPSS 61.93%
- Veröffentlicht 11.09.2012 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:42:27
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
- EPSS 20.46%
- Veröffentlicht 11.09.2012 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:42:28
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
- EPSS 2.2%
- Veröffentlicht 02.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:11:05
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.